william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Added multiple services and a module

Browse source
This commit is contained in:
baduhai 2023-01-04 12:53:06 -03:00
parent 5f558d597d
commit 67faa4a5a8
12 changed files with 236 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/servers/alexandria/default.nix
View file

@ -3,7 +3,6 @@
{
imports = [
./hardware-configuration.nix
./hosted-services.nix
./security.nix
./users.nix
./services

8
hosts/servers/alexandria/security.nix
View file

@ -1,10 +1,10 @@
{ config, pkgs, libs, ... }:
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
age.secrets.cloudflare-creds = {
file = ../../../secrets/cloudflare-creds.age;
owner = "nginx";
group = "hosted";
file = ../../../secrets/cloudflare-creds.age;
owner = "nginx";
group = "hosted";
};
security.acme = {

60
hosts/servers/alexandria/services/arr.nix Normal file
View file

@ -0,0 +1,60 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
services = {
transmission = {
enable = true;
group = "hosted";
settings = {
download-dir = "/data/torrent_storage/completed";
incomplete-dir = "/data/torrent_storage/incomplete";
incomplete-dir-enabled = true;
rpc-authentication-required = false;
rpc-host-whitelist-enabled = true;
rpc-whitelist-enabled = true;
peer-port = 57298;
speed-limit-down = 5000;
speed-limit-down-enabled = true;
speed-limit-up = 500;
speed-limit-up-enabled = true;
alt-speed-down = 5000;
alt-speed-enabled = false;
alt-speed-time-begin = 240;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 480;
alt-speed-up = 1500;
utp-enabled = false;
};
};
flood = {
enable = true;
user = "transmission";
group = "hosted";
port = "${config.ports.flood}";
};
jellyfin = {
enable = true;
group = "hosted";
};
radarr = {
enable = true;
group = "hosted";
};
sonarr = {
enable = true;
group = "hosted";
};
bazarr = {
enable = true;
group = "hosted";
};
prowlarr.enable = true;
};
}

10
hosts/servers/alexandria/services/containerised.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }:
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
virtualisation = {
@ -9,7 +9,7 @@
"cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [
"8002:80"
"${config.ports.cinny}:80"
];
extraOptions = [
"--pull=always"
@ -21,7 +21,7 @@
TZ = "Europe/Berlin";
};
ports = [
"8003:80"
"${config.ports.librespeed}:80"
];
extraOptions = [
"--pull=always"
@ -41,7 +41,7 @@
"/data/syncthing/notes:/sync/notes"
];
ports = [
"8006:8384"
"${config.ports.syncthing}:8384"
"22000:22000"
"21027:21027/udp"
];
@ -60,7 +60,7 @@
WHOOGLE_CONFIG_GET_ONLY = "1";
};
ports = [
"8007:5000"
"${config.ports.whoogle}:5000"
];
extraOptions = [
"--pull=always"

10
hosts/servers/alexandria/services/default.nix
View file

@ -1,13 +1,11 @@
{ ... }:
let
N8N_PORT = "5678";
BAZAAR_PORT = "6767";
in
{
imports = [
./nginx.nix
./containerised.nix
./variables.nix
./utility.nix
./nginx.nix
./arr.nix
];
}

17
hosts/servers/alexandria/services/gaming.nix Normal file
View file

@ -0,0 +1,17 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
services.minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
};
dataDir = "/data/minecraft";
};
}

39
hosts/servers/alexandria/services/nginx.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }:
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
services.nginx = {
@ -8,26 +8,23 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = let
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
in {
"baduhai.me".root = inputs.homepage;
"bazarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:6767";
"bitwarden.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
"cinny.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8002";
"detect.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.changedetection-io.port}";
"jellyfin.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8096";
"librespeed.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8003";
"n8n.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${N8N_PORT}";
"paperless.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
"prowlarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:9696";
"radarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:7878";
"shiori.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.shiori.port}";
"sonarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8989";
"sync.baduhai.me"locations."/".proxyPass = "http://127.0.0.1:8006";
"whoogle.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8007";
virtualHosts = {
"baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; root = inputs.homepage; };
"bazarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}"; };
"bitwarden.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}"; };
"cinny.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}"; };
"detect.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.changedetection-io}"; };
"flood.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.flood}"; };
"jellyfin.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}"; };
"librespeed.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}"; };
"n8n.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.n8n}"; };
"paperless.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.paperless}"; };
"prowlarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.prowlarr}"; };
"radarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}"; };
"shiori.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}"; };
"sonarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}"; };
"sync.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.syncthing}"; };
"whoogle.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}"; };
};
};
}

46
hosts/servers/alexandria/hosted-services.nix → hosts/servers/alexandria/services/utility.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }:
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
age.secrets = {
@ -16,7 +16,7 @@
DOMAIN = "https://bitwarden.baduhai.me";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8000;
ROCKET_PORT = "${config.ports.vaultwarden}";
};
};
@ -25,21 +25,16 @@
group = "hosted";
behindProxy = true;
datastorePath = "/data/changedetection";
port = 8001;
port = "${config.ports.changedetection-io}";
baseURL = "https://detect.baduhai.me";
};
jellyfin = {
enable = true;
group = "hosted";
};
paperless = {
enable = true;
dataDir = "/data/paperless/data";
mediaDir = "/data/paperless/media";
passwordFile = config.age.secrets.paperless-pass.path;
port = 8004;
port = "${config.ports.paperless}";
consumptionDirIsPublic = true;
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "eng+por+deu";
@ -48,40 +43,9 @@
shiori = {
enable = true;
port = 8005;
port = "${config.ports.shiori}";
};
radarr = {
enable = true;
group = "hosted";
};
sonarr = {
enable = true;
group = "hosted";
};
bazarr = {
enable = true;
group = "hosted";
};
prowlarr.enable = true;
n8n.enable = true;
minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
};
dataDir = "/data/minecraft";
};
};
}

28
hosts/servers/alexandria/services/variables.nix Normal file
View file

@ -0,0 +1,28 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
let
mkStringOption = default: lib.mkOption {
inherit default;
type = lib.types.str;
};
in
{
options.ports = {
n8n = mkStringOption "5678";
bazaar = mkStringOption "6767";
radarr = mkStringOption "7878";
vaultwarden = mkStringOption "8000";
changedetection-io = mkStringOption "8001";
cinny = mkStringOption "8002";
librespeed = mkStringOption "8003";
paperless = mkStringOption "8004";
shiori = mkStringOption "8005";
syncthing = mkStringOption "8006";
jellyfin = mkStringOption "8096";
whoogle = mkStringOption "8007";
flood = mkStringOption "8008";
sonarr = mkStringOption "8989";
prowlarr = mkStringOption "9696";
};
}

2
hosts/servers/alexandria/users.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }:
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
users = {